[Zope-CMF] security and login problem

[Chris Withers]

Tres Seaver wrote:

> *If* they are going to be present at all, then yes, they should only be
> there on the source port (but I want them out by default).

Ditto. It feels to me like there should be an application-way of saying whether 
the current request should include those headers.

I guess that also means we need to make FTP_GET hookable at the application 
level, unless there's a decent way we can distringuish between 'get for editing' 
(needs crappy M$ header) from 'get for reading' (which must not have crappy M$ 
header...)

cheers,

Chris